Author: dannf
Date: Mon Jan 21 01:06:50 2008
New Revision: 10156

Log:
* 253_coredump-only-to-same-uid.diff
  [SECURITY] Fix an issue where core dumping over a file that
  already exists retains the ownership of the original file
  See CVE-2007-6206

Added: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/253_coredump-only-to-same-uid.diff Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6 Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog ============================================================================== --- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog (original) +++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog Mon Jan 21 01:06:50 2008 @@ -41,6 +41,10 @@ 252_openpromfs-checks-3.diff [SECURITY] Fix a number of data checks in openprom code See CVE-2004-2731 + * 253_coredump-only-to-same-uid.diff + [SECURITY] Fix an issue where core dumping over a file that + already exists retains the ownership of the original file + See CVE-2007-6206 -- dann frazier <[EMAIL PROTECTED]> Mon, 12 Nov 2007 16:29:16 -0700 Added: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/253_coredump-only-to-same-uid.diff ============================================================================== --- (empty file) +++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/253_coredump-only-to-same-uid.diff Mon Jan 21 01:06:50 2008 
@@ -0,0 +1,35 @@ +From: Willy Tarreau <[EMAIL PROTECTED]> +Date: Mon, 10 Dec 2007 06:00:14 +0000 (+0100) +Subject: [PATCH] vfs: coredumping fix +X-Git-Tag: v2.4.36-rc1~4 +X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fwtarreau%2Flinux-2.4.git;a=commitdiff_plain;h=62b548a60eaff6f986e9b3f5fd602ddae451b33e + +[PATCH] vfs: coredumping fix + +Backport of 2.6 commit c46f739dd39db3b07ab5deb4e3ec81e1c04a91af by Ingo Molnar. + +fix: http://bugzilla.kernel.org/show_bug.cgi?id=3043 + +only allow coredumping to the same uid that the coredumping +task runs under. + +Signed-off-by: Willy Tarreau <[EMAIL PROTECTED]> +--- + +diff --git a/fs/exec.c b/fs/exec.c +index 1d23db6..87d06b1 100644 +--- a/fs/exec.c ++++ b/fs/exec.c +@@ -1167,6 +1167,12 @@ int do_coredump(long signr, struct pt_regs * regs) + + if (!S_ISREG(inode->i_mode)) + goto close_fail; ++ /* ++ * Dont allow local users get cute and trick others to coredump ++ * into their pre-created files: ++ */ ++ if (inode->i_uid != current->fsuid) ++ goto close_fail; + if (!file->f_op) + goto close_fail; + if (!file->f_op->write) Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6 ============================================================================== --- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6 (original) +++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6 Mon Jan 21 01:06:50 2008 @@ -12,3 +12,4 @@ + 250_openpromfs-checks-1.diff + 251_openpromfs-checks-2.diff + 252_openpromfs-checks-3.diff ++ 253_coredump-only-to-same-uid.diff _______________________________________________ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
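Review bot: In the fs/exec.c hunk carried by 253_coredump-only-to-same-uid.diff, the added test compares inode->i_uid against current->fsuid, while the patch description says "the same uid that the coredumping task runs under"; the code comment should name fsuid as the identity being checked so the behaviour for a task whose fsuid differs from its uid is documented as intended. The comment wording would also read better as "Don't allow local users to get cute and trick others into coredumping into their pre-created files". The new branch goes to close_fail without any message, as the neighbouring S_ISREG and f_op checks do, so a core dump that is refused because a file owned by another user already exists at the target path is dropped silently; that is worth stating in the changelog text for administrators who later find a core file missing.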
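Review bot: In the debian/changelog hunk, the new 253_coredump-only-to-same-uid.diff entry sits directly above a trailer line still dated Mon, 12 Nov 2007 16:29:16 -0700, although this revision was committed on Mon Jan 21 2008. The trailer timestamp should be refreshed before upload so the changelog entry's date is not earlier than the fix it lists.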